diff options
author | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-02-19 12:04:26 +0000 |
---|---|---|
committer | Simon McVittie <simon.mcvittie@collabora.co.uk> | 2015-08-06 17:12:36 +0100 |
commit | 327a52e4eb90c94dc47579b7890974b65f2f9e53 (patch) | |
tree | cc652814cd42332f56ba8fded32a388f6ed7393c /bus/apparmor.c | |
parent | d0e9d8e7bad9280f03e9389eef220d219f84dd16 (diff) | |
download | dbus-327a52e4eb90c94dc47579b7890974b65f2f9e53.tar.gz |
bus: move shared libaudit code to a new audit.[ch]
This fixes various duplicated libaudit interactions in both
SELinux and AppArmor code paths, including opening two audit sockets
if both SELinux and AppArmor were enabled at compile time.
In particular, audit.c is now the only user of libcap-ng.
This commit is not intended to introduce any functional changes,
except for the de-duplication.
The actual audit_log_user_avc_message() call is still duplicated,
because the SELinux and AppArmor code paths use different mechanisms
to compose the audit message: the SELinux path uses a statically-sized
buffer on the stack which might be subject to truncation, whereas
the AppArmor path uses malloc() (via DBusString) and falls back to
using syslog on a memory allocation failure.
Bug: https://bugs.freedesktop.org/show_bug.cgi?id=89225
Reviewed-by: Colin Walters <walters@verbum.org>
[smcv: minor issues raised during review are subsequently fixed]
Signed-off-by: Simon McVittie <simon.mcvittie@collabora.co.uk>
Diffstat (limited to 'bus/apparmor.c')
-rw-r--r-- | bus/apparmor.c | 39 |
1 files changed, 6 insertions, 33 deletions
diff --git a/bus/apparmor.c b/bus/apparmor.c index a1b3621a..3ba84d8d 100644 --- a/bus/apparmor.c +++ b/bus/apparmor.c @@ -43,10 +43,10 @@ #include <unistd.h> #ifdef HAVE_LIBAUDIT -#include <cap-ng.h> #include <libaudit.h> #endif /* HAVE_LIBAUDIT */ +#include "audit.h" #include "connection.h" #include "utils.h" @@ -62,10 +62,6 @@ typedef enum { /* Store the value of the AppArmor mediation mode in the bus configuration */ static AppArmorConfigMode apparmor_config_mode = APPARMOR_ENABLED; -#ifdef HAVE_LIBAUDIT -static int audit_fd = -1; -#endif - /* The AppArmor context, consisting of a label and a mode. */ struct BusAppArmorConfinement { @@ -105,25 +101,6 @@ bus_apparmor_confinement_new (char *label, return confinement; } -void -bus_apparmor_audit_init (void) -{ -#ifdef HAVE_LIBAUDIT - audit_fd = audit_open (); - - if (audit_fd < 0) - { - /* If kernel doesn't support audit, bail out */ - if (errno == EINVAL || errno == EPROTONOSUPPORT || errno == EAFNOSUPPORT) - return; - /* If user bus, bail out */ - if (errno == EPERM && getuid () != 0) - return; - _dbus_warn ("Failed opening connection to the audit subsystem"); - } -#endif /* HAVE_LIBAUDIT */ -} - /* * Return TRUE on successful check, FALSE on OOM. * Set *is_supported to whether AA has D-Bus features. @@ -189,6 +166,9 @@ static void log_message (dbus_bool_t allow, const char *op, DBusString *data) { const char *mstr; +#ifdef HAVE_LIBAUDIT + int audit_fd; +#endif if (allow) mstr = "ALLOWED"; @@ -196,14 +176,12 @@ log_message (dbus_bool_t allow, const char *op, DBusString *data) mstr = "DENIED"; #ifdef HAVE_LIBAUDIT + audit_fd = bus_audit_get_fd (); + if (audit_fd >= 0) { DBusString avc; - capng_get_caps_process (); - if (!capng_have_capability (CAPNG_EFFECTIVE, CAP_AUDIT_WRITE)) - goto syslog; - if (!_dbus_string_init (&avc)) goto syslog; @@ -510,11 +488,6 @@ bus_apparmor_shutdown (void) bus_apparmor_confinement_unref (bus_con); bus_con = NULL; - -#ifdef HAVE_LIBAUDIT - audit_close (audit_fd); -#endif /* HAVE_LIBAUDIT */ - #endif /* HAVE_APPARMOR */ } |